Hacker News | man8alexd's comments

Codex for some reason sometimes runs Perl instead of Python to work with local files

Grype, Clair

More details here: https://www.stepsecurity.io/blog/trivy-compromised-a-second-...

Current GitHub discussion (the old discussion was removed by the attacker): https://github.com/aquasecurity/trivy/discussions/10420


There are some mistakes in these blog posts, especially the one about overcommit.


systemd allows setting cgroup memory limits.


Just tune the kernel watermarks - vm.min_free_kbytes and vm.watermark_scale_factor


I do wish I had documented what I tried better! There might be a magic combo that could have helped but I tried tweaking a lot of the vm settings.

One day I will probably see if I can still reproduce the original problem and be more methodical about it. More likely, it's on the list of things I might not ever get around to.


3. vm.oom_kill_allocating_task is a footgun. It kills the last task that asked for memory and it could be any random task in the system.

4. Disabling overcommit is another footgun: it makes malloc fail long before the memory is exhausted. For a detailed explanation, see https://unix.stackexchange.com/a/797888/1027


It seems to be a persistent myth. The Linux kernel explicitly excludes active VM_EXEC pages from reclaim.


Just discovered that Debian still has ifmail and binkd packages.


The ex-USSR segment of FIDONET became the largest in the world around 1995-1996. Internet access was rare and very expensive until around 2000.

